CVE-2025-30171 is a high-severity vulnerability classified under CWE-863 (Incorrect Authorization) affecting ABB's ASPECT-Enterprise, NEXUS Series, and MATRIX Series products up to version 3.08.03. The vulnerability allows an attacker who has compromised session administrator credentials to delete critical system files within the affected systems. The core issue stems from improper authorization controls that fail to restrict privileged file deletion operations exclusively to appropriately authorized users. Exploitation requires network access (AV:N) with low attack complexity (AC:L) but does require privileges of a high-level user (PR:H) and partial authentication (AT:P). No user interaction is needed (UI:N). The vulnerability impacts confidentiality, integrity, and availability, with a particularly high impact on integrity and availability due to the potential deletion of system files, which could lead to system instability or denial of service. The CVSS 4.0 vector indicates low scope change (S:N) but high impacts on confidentiality (C), integrity (I), and availability (A). Although no known exploits are reported in the wild yet, the vulnerability poses a significant risk if administrator credentials are compromised, which could occur via phishing, credential theft, or insider threats. The products affected are industrial control and enterprise management systems widely used in critical infrastructure and manufacturing environments, making this vulnerability particularly concerning for operational technology (OT) environments.

For European organizations, especially those in critical infrastructure sectors such as energy, manufacturing, and utilities, this vulnerability could have severe consequences. ABB's ASPECT-Enterprise and related series are often deployed in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) environments. Successful exploitation could lead to deletion of essential system files, causing operational disruptions, downtime, and potential safety hazards. This could result in significant financial losses, regulatory penalties, and damage to reputation. Furthermore, the compromise of system integrity and availability could hinder incident response and recovery efforts. Given the reliance of many European industries on ABB products, the vulnerability could also be leveraged in targeted attacks by threat actors aiming to disrupt critical infrastructure or conduct espionage. The requirement for high-privilege credentials means that organizations with weak credential management or insufficient monitoring of privileged accounts are at higher risk.

1. Immediate patching is recommended once ABB releases updates addressing this vulnerability; organizations should prioritize applying these patches to all affected systems. 2. Implement strict access controls and segmentation to limit network exposure of ASPECT-Enterprise and related systems, reducing the attack surface. 3. Enforce robust privileged account management, including multi-factor authentication (MFA) for administrator sessions to reduce the risk of credential compromise. 4. Monitor and audit administrative activities and file system changes in real-time to detect unauthorized deletion attempts promptly. 5. Employ network intrusion detection systems (NIDS) and endpoint detection and response (EDR) solutions tailored for OT environments to identify suspicious behavior. 6. Conduct regular security awareness training focused on phishing and credential protection to prevent initial compromise. 7. Maintain offline backups of critical system files and configurations to enable rapid restoration in case of file deletion or system corruption. 8. Review and harden authorization policies within the affected products to ensure least privilege principles are enforced. 9. Collaborate with ABB support and subscribe to threat intelligence feeds for timely updates on exploit developments and patches.